Medical Devices

Wearable Device

A device whose radiating element is not in direct contact with the skin but is integrated into a wearable material. The key requirement is that they cannot be rigid, so the most common substrates are polyester, Cordura, denim, fleece, felt and silk. Wearable devices also include the now very popular smartwatches for monitoring physical parameters.

Epidermal Device

A device whose radiating element is very close to the skin (micrometres or millimetres away, or applied directly like a tattoo). Its key requirements are therefore flexibility, stretchability and biocompatibility. These are usually very thin, patch-like devices intended for medical use, with sensors distributed over a membrane together with the electronics for acquiring and transmitting physical or chemical data.

Implanted Device

Any device, including those that are partially or wholly absorbed, intended to be totally introduced into the human body, or to replace an epithelial surface or the surface of the eye, by clinical intervention and to remain in place after the procedure.
Any device intended to be partially introduced into the human body by clinical intervention and to remain in place after the procedure for at least 30 days is also considered an implantable device.

More info: https://www.trovanorme.salute.gov.it/norme/renderNormsanPdf?anno=2017&codLeg=59843&parte=1%20&serie=null

Risk Class

Among the steps for compliance with the Medical Device Directive 93/42/EEC (replaced since May 2021 by the Medical Device Regulation (EU) 2017/745, which keeps the same four classes) is product classification. Medical devices are grouped, according to their complexity and the potential risk to the patient, into four classes: I, IIa, IIb and III. The classification depends on the intended use declared by the manufacturer:

Class I: low-risk devices. These can be products for external patient support, such as crutches or wheelchairs, but also products such as stethoscopes. Devices in this class do not require the involvement of a Notified Body (except for devices that are sterile and/or have a measuring function) and must be registered with the appropriate national authorities;

Classes IIa and IIb: medium-risk devices; many electromedical devices fall into these classes;

Class III: high-risk devices, such as cardiovascular catheters or pacemakers.

More info: https://www.fda.gov/medical-devices/overview-device-regulation/classify-your-medical-device, https://health.ec.europa.eu/system/files/2021-10/mdcg_2021-24_en_0.pdf

Security and Privacy

Security:

Security ensures the enforcement of boundaries against unauthorized users and the protection of data from access by unauthorized parties. For medical devices, it also means that their functions must not be modified or otherwise threatened.

Cyber Security:

Computer security, cyber security, or information technology security (IT security) is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

More info: https://en.wikipedia.org/wiki/Computer_security

Physical Security:

Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. This includes protection from fire, flood, natural disasters, theft, vandalism, and terrorism.

More info: https://en.wikipedia.org/wiki/Physical_security

Privacy:

Privacy defines and enforces boundaries and policies for personal data, and gives users control over the collection and use of their data. For medical devices, patients should be able to know, in real time, who accesses and manipulates their personal health records, and the locations and identities of the IoT devices must be hidden from unauthorized parties.

Fundamental Security Services

Authentication
aims to prove that an entity is effectively what it claims to be before exchanging information (via password, key, access card, fingerprints, and so on).

Confidentiality (secrecy)
aims to protect the content of the stored/transmitted data from being disclosed to unauthorized parties (through encryption techniques).

Integrity
aims to guarantee that the content of stored or transmitted data has not been modified.

Availability
assures that system services and resources are promptly and continuously available to their users; for a battery-powered implant this includes not letting an attacker exhaust the battery or monopolise the radio link.
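The three services that can be enforced in software (authentication, confidentiality, integrity) are usually delivered together by one authenticated-encryption layer on the device/programmer link. The following added example, written for this page and not taken from any product, shows such a layer for a telemetry frame using only the Python standard library: a shared key provisioned at pairing time authenticates both ends, an HMAC-SHA256 keystream in counter mode gives confidentiality, an HMAC tag (checked in constant time, before decryption) gives integrity, and a per-device sequence number rejects replays. The key material, the device identifier `IMD-0001` and the frame layout are assumptions for the example; a production device would use a standard AEAD such as AES-GCM or ChaCha20-Poly1305 rather than this PRF-in-CTR construction.

```python
import hashlib
import hmac

# Constructed example keys, standing in for keys provisioned at pairing time.
ENC_KEY = hashlib.sha256(b"example-enc-key").digest()
MAC_KEY = hashlib.sha256(b"example-mac-key").digest()
TAG_LEN = 16          # truncated HMAC-SHA256 tag
HDR_LEN = 16          # 8-byte device id + 8-byte sequence number

# Frame layout (assumed): device_id(8) || seq(8, big-endian) || ciphertext || tag(16)


def _keystream(device_id: bytes, seq: int, n: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode; (device_id, seq) is the nonce.
    The sequence number must never repeat for a device under the same key."""
    out = b""
    block = 0
    while len(out) < n:
        msg = device_id + seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(ENC_KEY, msg, hashlib.sha256).digest()
        block += 1
    return out[:n]


def seal(device_id: bytes, seq: int, plaintext: bytes) -> bytes:
    """Device side: encrypt-then-MAC a telemetry payload."""
    header = device_id + seq.to_bytes(8, "big")
    ks = _keystream(device_id, seq, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(MAC_KEY, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    return header + ct + tag


class Receiver:
    """Programmer side: verifies integrity and freshness before revealing data."""

    def __init__(self) -> None:
        self.last_seq: dict[bytes, int] = {}   # highest accepted seq per device

    def open(self, frame: bytes) -> tuple[bytes, int, bytes]:
        if len(frame) < HDR_LEN + TAG_LEN:
            raise ValueError("frame too short")
        header, ct, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(MAC_KEY, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison: a byte-by-byte early exit would leak the tag.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag: forged or corrupted frame")
        device_id, seq = header[:8], int.from_bytes(header[8:], "big")
        if seq <= self.last_seq.get(device_id, -1):
            raise ValueError("replayed or out-of-order frame")
        self.last_seq[device_id] = seq
        ks = _keystream(device_id, seq, len(ct))
        return device_id, seq, bytes(c ^ k for c, k in zip(ct, ks))


if __name__ == "__main__":
    rx = Receiver()
    frame = seal(b"IMD-0001", 1, b"HR=72;BAT=93")     # constructed telemetry
    print(rx.open(frame))
```

Note that the device identifier travels in the clear in the header, which is exactly the specific-device ID privacy problem listed under the privacy services below; authenticity and confidentiality of the payload do not by themselves hide which device is talking.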

Fundamental Privacy Services

Device-existence privacy:

Unauthorized entities should not be able to determine that a patient has an IMD/BAN.

Device-type privacy:

If device-existence privacy is not possible, unauthorized entities should not be able to determine what type of IMD/BAN is in use.

Specific-device ID privacy:
Unauthorized entities should not be able to determine the unique ID of an IMD/BAN sensor.

Measurement and log privacy:
Unauthorized entities should not be able to determine private telemetry or access stored data about the patient. The system design phase should include a privacy assessment to determine appropriate policies with respect to data access.

Bearer privacy:
Unauthorized entities should not be able to exploit IMD/BAN properties to identify the patient.

Tracking:
Unauthorized entities should not be able to leverage the physical layer (e.g., by monitoring analog sensors or matching a radio fingerprint) to track or locate a patient.

Cyber Attacks

Eavesdropping:

A malicious entity can listen in on the exchanges between the devices and the caregiver. By listening, an attacker can learn about the patient's devices and their capabilities, the instructions and settings sent to the device, and the patient's health data. The attacker can use this data to infer the patient's current condition and follow it over time.

More info: https://en.wikipedia.org/wiki/Eavesdropping

Man-In-The-Middle (MITM) attack:

It occurs when an external intruder inserts itself between the device and the caregiver, relaying data between them while both believe they are communicating directly with each other. Because all traffic from the medical device now passes through the intruder, it can read, alter or suppress messages at will, gaining unauthorized access to the patient's health status and to the device's settings. Mutual authentication combined with integrity protection of every message is what prevents the relayed traffic from being accepted.

More info: https://it.wikipedia.org/wiki/Attacco_man_in_the_middle

Denial of Service (DoS) attack:

In the field of computer security, a denial-of-service (DoS) attack is a malfunction caused by a cyber attack in which the resources of a computer system providing a service to clients (e.g. a website on a web server) are deliberately exhausted to the point where it can no longer serve legitimate requests. Against a medical device the same effect is obtained by flooding it with connection attempts or requests: while the device is kept busy, legitimate caregivers are locked out, and a battery-powered implant that must keep its radio and processor awake to answer may be drained prematurely. Once an association between the intruder and the device is established, the attacker can also gain unauthorized access to patient information and corrupt it or make it inaccessible.

More info: https://niccs.cisa.gov/cybersecurity-career-resources/glossary#P

Spoofing:

Spoofing is a type of cyber attack in which the attacker falsifies an identity. The technique can be used to forge various pieces of information, such as the identity of a host within a network or the sender of a message. Once an attacker manages to impersonate someone else within a network, they can intercept confidential information, spread false or biased information, or carry out any other kind of attack. It is particularly effective when combined with social engineering techniques to obtain 'confidential' information and user credentials. Social media scammers or phishers may use this technique, for instance, to convince a user to connect to a malicious server and thereby intercept their credentials.

More info: https://niccs.cisa.gov/cybersecurity-career-resources/glossary#S

Jamming:

Jamming is the act of deliberately disrupting (wireless) radio communications by lowering their signal-to-noise ratio, an indicator of signal clarity, typically by transmitting on the same frequency and with the same modulation as the signal to be jammed. Jamming attacks are commonly launched against wireless alarm systems: by jamming the radio communication between the various elements, an attacker obscures the radio signal and thus neutralises the alarm system.
A weakness of wireless systems is, in fact, their sensitivity to radio interference. Jamming alters the incoming signals and, in serious cases, makes the system unusable, since the wireless environment is saturated by unauthorised traffic. For a medical device this amounts to a denial of service on the link between the device and its programmer or monitor.

More info: https://it.wikipedia.org/wiki/Jamming

Tampering:

An intentional but unauthorized act that results in the modification of a system, system components, intended behavior, or data.

Physical Attacks

Side Channel Attacks

In computer security, a side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself (e.g. cryptanalysis and software bugs). Timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited. Some side-channel attacks require technical knowledge of the internal operation of the system, although others such as differential power analysis are effective as black-box attacks.

Timing Attacks

Attacks based on measuring how much time various computations take (such as comparing a password supplied by the attacker with the victim's unknown one). A comparison that stops at the first differing byte takes slightly longer the more leading bytes the guess gets right, which lets an attacker recover the secret one byte at a time.
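The following added example (a simulation written for this page, not code from any device) makes the byte-by-byte leak concrete. Instead of measuring wall-clock time, which a real attacker would have to estimate statistically over many trials, each comparison function also returns the number of loop iterations it performed; the attacker routine sees only that count and the yes/no result. Against the early-exit comparison it recovers the whole token; against the constant-time comparison every guess costs the same number of steps and the attack learns nothing. The 8-byte secret token is a constructed value.

```python
# Constructed secret, e.g. a pairing token stored in firmware. It contains a zero
# byte on purpose, to show the attack does not depend on the secret's content.
SECRET = bytes.fromhex("7a003c91f015c86d")


def leaky_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Naive memcmp-style comparison with early exit. Returns (equal, steps),
    where steps stands in for the time the comparison took."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:
            return False, steps          # exits as soon as a byte differs
    return True, steps


def constant_time_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Accumulates all differences with OR; the loop always runs to the end."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    diff = 0
    for s, g in zip(secret, guess):
        steps += 1
        diff |= s ^ g
    return diff == 0, steps


def recover_secret(oracle, length: int) -> bytes:
    """Attacker: for each position, the byte whose guess costs the most steps is the
    one that matched (the comparison went one byte further). Needs only the
    (equal, steps) observation returned by `oracle(guess)`."""
    known = bytearray()
    for pos in range(length):
        best_byte, best_steps = 0, -1
        for b in range(256):
            candidate = bytes(known) + bytes([b]) + bytes(length - pos - 1)
            equal, steps = oracle(candidate)
            if equal:
                return candidate             # only happens when the full token matches
            if steps > best_steps:
                best_byte, best_steps = b, steps
        known.append(best_byte)
    return bytes(known)


if __name__ == "__main__":
    print(recover_secret(lambda g: leaky_compare(SECRET, g), len(SECRET)).hex())
    print(recover_secret(lambda g: constant_time_compare(SECRET, g), len(SECRET)).hex())
```

The attack needs at most 256 guesses per byte instead of 256^8 overall. In real code the fix is to use the platform's constant-time primitive (for example `hmac.compare_digest` in Python, or a fixed-length OR-accumulating loop in C firmware) for every comparison of secret material, and never a plain string or memory comparison.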

Power-monitoring attack:

Attacks that make use of varying power consumption by the hardware during computation.

Acoustic Cryptanalysis:

Attacks that exploit sound produced during a computation (rather like power analysis).

Electromagnetic Attack:

In cryptography, electromagnetic attacks are side-channel attacks performed by measuring the electromagnetic radiation emitted from a device and performing signal analysis on it. These attacks have the intention to capture encryption keys. Electromagnetic attacks are typically non-invasive and passive, meaning that these attacks are able to be performed by observing the normal functioning of the target device without causing physical damage. However, an attacker may get a better signal with less noise by de-packaging the chip and collecting the signal closer to the source.

More info: https://en.wikipedia.org/wiki/Electromagnetic_attack

Fault Induction Attack

Attempts to influence a device's behaviour so that it operates anomalously (even stops or dies) or leaks its secrets.

Permanent Fault

Damages the cryptographic device permanently, so that it behaves incorrectly in all future computations; such damage includes, for example, freezing a memory cell at a constant value or cutting a data bus wire.

Transient Fault

The device is disturbed during its processing, so that it misbehaves only during that specific computation; examples of such disturbances are irradiation, an abnormally high or low clock frequency, or an abnormal voltage on the power supply. The classic target is a single security decision (an access check, a signature verification) that a glitch can flip from "reject" to "accept".
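The following added example (a simulation written for this page, not firmware from any product) models a transient fault as a single bit flip in one intermediate value of a PIN check such as the one that gates a programmer's access to an implant. A naive check that stores its result as a boolean (0 = reject, anything else = accept) is bypassed by flipping any bit of that one register. The hardened version computes the decision twice, encodes the outcome as two constants with maximal Hamming distance, and treats any value other than the exact "accept" constant, or any disagreement between the two copies, as a detected fault. The fault model, the PIN values and the constants are assumptions for the example.

```python
ACCEPT = 0x3CA5      # 0011 1100 1010 0101
REJECT = 0xC35A      # bitwise complement: 16 bits must flip to turn one into the other
REG_WIDTH = 16       # assumed register width of the simulated core

STORED_PIN = 4711    # constructed values
WRONG_PIN = 9999


def no_fault(name: str, value: int) -> int:
    return value


def make_injector(target: str, bit: int):
    """Transient fault model: flip one bit of the intermediate called `target`."""
    def inject(name: str, value: int) -> int:
        return value ^ (1 << bit) if name == target else value
    return inject


def naive_check(stored: int, entered: int, inject) -> bool:
    # Decision lives in a single register where any non-zero value means "accept".
    ok = inject("cmp", int(stored == entered))
    return ok != 0


def hardened_check(stored: int, entered: int, inject) -> int:
    # Two independent evaluations; a single glitch cannot corrupt both the same way.
    r1 = inject("r1", ACCEPT if stored == entered else REJECT)
    r2 = inject("r2", ACCEPT if entered == stored else REJECT)
    if r1 != r2:
        return inject("ret", REJECT)       # disagreement: fail closed
    return inject("ret", r1)


def decide(result: int) -> str:
    """Caller policy: only the exact ACCEPT constant unlocks; only the exact REJECT
    constant is a normal denial; anything else is a corrupted value (tamper)."""
    if result == ACCEPT:
        return "unlock"
    if result == REJECT:
        return "deny"
    return "tamper"


def single_fault_bypasses(check, targets, width: int, granted) -> list:
    """Enumerate every single-bit flip on every listed intermediate and report the
    ones that let a wrong PIN through."""
    hits = []
    for name in targets:
        for bit in range(width):
            result = check(STORED_PIN, WRONG_PIN, make_injector(name, bit))
            if granted(result):
                hits.append((name, bit))
    return hits


if __name__ == "__main__":
    print("naive:", single_fault_bypasses(naive_check, ["cmp"], REG_WIDTH, bool))
    print("hardened:", single_fault_bypasses(
        hardened_check, ["r1", "r2", "ret"], REG_WIDTH, lambda r: decide(r) == "unlock"))
```

The simulation covers only one fault per run; a determined attacker with a precise glitcher can inject two, which is why real designs add random delays, redundant comparisons in different registers, and a lockout or tamper response when a corrupted value is ever observed.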